Four malicious packages were discovered in the npm software repository, designed to infect developers' computers with information-stealing malware and a DDoS bot called Phantom. The packages targeted JavaScript developers who unwittingly downloaded them while building applications, turning their machines into tools for stealing sensitive data and launching distributed denial of service attacks. This incident highlights the ongoing security threat posed by compromised open-source software packages that can slip through repository defenses.